Cybercriminals have launched yet another massive spam campaign, this time impersonating AT&T’s Billing Center, in an attempt to trick end and corporate users into downloading a bogus Online Bill.

Once gullible and socially engineered users click on any of the links found in the malicious emails, they’re automatically redirected to a Black Hole exploit kit landing URL, where they’re exposed to client-side exploits, which ultimately drop a piece of malicious software on the affected hosts.

Upon successful client-side exploitation, the campaigns drops MD5: c497b4d6dfadd4609918282cf91c6f4e on the infected hosts, currently detected by 19 out of 41 antivirus scanners as Trojan.Generic.KD.687203; W32/Cridex-Q.

As we already predicted, cybercriminals will continue rotating popular brands, introduce new email templates, and newly undetected pieces of malware in an attempt to achieve a higher click-through rate for their malicious campaigns.

[…] this command and control server used in numerous profiled campaigns, such as, for instance, the AT&T Billing Center impersonation one, the Craigslist spam campaign, the PayPal spam campaign, the eBay spam campaign, and the […]